Vulnerabilities > Linux > Linux Kernel > 4.4.3

DATE CVE VULNERABILITY TITLE RISK
2019-04-25 CVE-2019-3900 Infinite Loop vulnerability in multiple products
An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx().
7.7
2019-04-23 CVE-2019-11487 Use After Free vulnerability in multiple products
The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists.
local
low complexity
linux debian canonical CWE-416
7.8
2019-04-23 CVE-2019-11486 Race Condition vulnerability in multiple products
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
local
high complexity
linux debian opensuse netapp CWE-362
7.0
2019-04-12 CVE-2019-11191 Race Condition vulnerability in Linux Kernel
The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in fs/binfmt_aout.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.
local
high complexity
linux CWE-362
2.5
2019-04-12 CVE-2019-11190 Race Condition vulnerability in Linux Kernel
The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs (such as /bin/su) because install_exec_creds() is called too late in load_elf_binary() in fs/binfmt_elf.c, and thus the ptrace_may_access() check has a race condition when reading /proc/pid/stat.
local
linux CWE-362
4.7
2019-04-11 CVE-2019-3460 Improper Input Validation vulnerability in multiple products
A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.
6.5
2019-04-11 CVE-2019-3459 Out-of-bounds Read vulnerability in multiple products
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
6.5
2019-03-21 CVE-2019-9857 Memory Leak vulnerability in Linux Kernel
In the Linux kernel through 5.0.2, the function inotify_update_existing_watch() in fs/notify/inotify/inotify_user.c neglects to call fsnotify_put_mark() with IN_MASK_CREATE after fsnotify_find_mark(), which will cause a memory leak (aka refcount leak).
local
low complexity
linux CWE-401
5.5
2019-03-21 CVE-2019-7222 The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. 5.5
2019-03-21 CVE-2019-7221 Use After Free vulnerability in multiple products
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
7.8